Remote Code Execution in TXpert Hub CoreTec 4
CVE-2021-35531

6.7MEDIUM

Key Information:

Vendor: Hitachi
Status: Txpert Hub Coretec 4 Version
Vendor: CVE Published:; 10 May 2022

Summary

Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.

Affected Version(s)

TXpert Hub CoreTec 4 version 2.0.0

TXpert Hub CoreTec 4 version 2.0.1

TXpert Hub CoreTec 4 version 2.1.0

References

https://search.abb.com/library/Download.aspx?DocumentID=8...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2022
Vulnerability Reserved
Jun 28, 2021